83 matches found
vBulletin 5.0 5.5.4 - updateAvatar Authenticated Remote Code Execution
vBulletin 5.0 5.5.4 - updateAvatar Authenticated Remote Code Execution ?php / --------------------------------------------------------------------- vBulletin = 5.5.4 updateAvatar Remote Code Execution Vulnerability ---------------------------------------------------------------------...
phpFox <= 3.0.1 (ajax.php) Remote Command Execution Exploit
No description provided by source. ?php / ----------------------------------------------------------- phpFox = 3.0.1 ajax.php Remote Command Execution Exploit ----------------------------------------------------------- author.............: Egidio Romano aka EgiX mail...............:...
RoSPORA <= 1.5.0 - Remote PHP Code Injection
No description provided by source. ?php / -------------------------------------------------- RoSPORA = 1.5.0 Remote PHP Code Injection Exploit -------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://code.google.com/p/rospora/ This PoC...
Flux CMS <= 1.5.0 (loadsave.php) Remote Arbitrary File Overwrite Exploit
No description provided by source. ?php / ------------------------------------------------------------------------ Flux CMS = 1.5.0 loadsave.php Remote Arbitrary File Overwrite Exploit ------------------------------------------------------------------------ author...: EgiX mail.....:...
Feed on Feeds <= 0.5 - Remote PHP Code Injection Exploit
No description provided by source. ?php / ------------------------------------------------------ Feed on Feeds = 0.5 Remote PHP Code Injection Exploit ------------------------------------------------------ author..........: EgiX mail............: n0b0d13satgmaildotcom software link...:...
Zenphoto <= 1.4.1.4 (ajax_create_folder.php) Remote Code Execution
No description provided by source. ?php / -------------------------------------------------------------------------- Zenphoto = 1.4.1.4 ajaxcreatefolder.php Remote Code Execution Exploit -------------------------------------------------------------------------- author............: Egidio Romano a...
Drake CMS <= 0.4.11 Remote Blind SQL Injection Exploit
No description provided by source. ?php / ------------------------------------------------------ Drake CMS = 0.4.11 Remote Blind SQL Injection Exploit ------------------------------------------------------ author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://drakecms.sourceforge.net...
WeBid converter.php Remote PHP Code Injection
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
WebCalendar <= 1.2.4 (install/index.php) Remote Code Execution
No description provided by source. ?php / ----------------------------------------------------------------------- WebCalendar = 1.2.4 install/index.php Remote Code Execution Exploit ----------------------------------------------------------------------- author..........: Egidio Romano aka EgiX...
La-Nai CMS <= 1.2.16 (fckeditor) Arbitrary File Upload Exploit
No description provided by source. ?php / -------------------------------------------------------------- La-Nai CMS = 1.2.16 fckeditor Arbitrary File Upload Exploit -------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...
Dokeos LMS <= 1.8.5 (whoisonline.php) PHP Code Injection Exploit
No description provided by source. ?php / ----------------------------------------------------------------------- Dokeos LMS = 1.8.5 whoisonline.php Remote PHP Code Injection Exploit ----------------------------------------------------------------------- author...: EgiX mail.....:...
Tiki Wiki CMS Groupware <= 8.3 "unserialize()" PHP Code Execution
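Tiki Wiki CMS Groupware 'unserialize' Multiple Remote PHP Code Execution Vulnerabilities. Vulnerability type: design flaw. Cause: Tiki Wiki CMS Groupware versions before v6.9 and 9.3 contain a security vulnerability: certain scripts apply the "unserialize" operation to user-controlled input, and an attacker can exploit this to inject and execute arbitrary PHP code in the affected application. Remediation: update to the latest version http://info.tiki.org/article210-Tiki-10-0-is-here ?php /...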
Docebo <= 3.5.0.3 (lib.regset.php) Command Execution Exploit
No description provided by source. ? / ------------------------------------------------------------------- Docebo = 3.5.0.3 lib.regset.php Remote Command Execution Exploit ------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.......
appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Exploit
No description provided by source. ?php / --------------------------------------------------------------------- appRain CMF = 0.1.5 uploadify.php Unrestricted File Upload Exploit --------------------------------------------------------------------- author............: Egidio Romano aka EgiX...
Site@School <= 2.4.10 (fckeditor) Session Hijacking / File Upload Exploit
No description provided by source. ?php / ------------------------------------------------------------------------- Site@School = 2.4.10 fckeditor Session Hijacking / File Upload Exploit ------------------------------------------------------------------------- author...: EgiX mail.....:...
phpScheduleIt <= 1.2.10 (reserve.php) Remote Code Execution Exploit
No description provided by source. ?php / ------------------------------------------------------------------- phpScheduleIt = 1.2.10 reserve.php Remote Code Execution Exploit ------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom...
phpMyFAQ <= 2.7.0 (ajax_create_folder.php) Remote Code Execution
No description provided by source. ?php / ------------------------------------------------------------------------ phpMyFAQ = 2.7.0 ajaxcreatefolder.php Remote Code Execution Exploit ------------------------------------------------------------------------ author............: Egidio Romano aka Egi...
Seagull PHP Framework <= 0.6.4 (fckeditor) Arbitrary File Upload Exploit
No description provided by source. ?php / ------------------------------------------------------------------------ Seagull PHP Framework = 0.6.4 fckeditor Arbitrary File Upload Exploit ------------------------------------------------------------------------ author...: EgiX mail.....:...
ZeusCMS <= 0.3 - Remote Blind SQL Injection Exploit
No description provided by source. ? / ------------------------------------------------- ZeusCMS = 0.3 Remote Blind SQL Injection Exploit ------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://www.zeuscms.gr/ details..: works with...
Horde Framework Unserialize PHP Code Execution
This Metasploit module exploits a php unserialize vulnerability in Horde versions 5.1.1 and below which could be abused to allow unauthenticated users to execute arbitrary code with the permissions of the web server. The dangerous unserialize exists in the 'lib/Horde/Variables.php' file. The...